nolan <[email protected]> writes: > On 06/19/2015 02:43 PM, Greg Troxel wrote: >> So moving all srand/rand to random() sounds reasonable. Arguably there >> should only be a single seeding, but it's not clear to me that quagga is >> using this in places where cryptographically strong random numbers are >> needed, vs just avoiding timer synchronization. > > If Quagga is calling rand/srand/random in places where > cryptographically strong random numbers are needed, that is a serious > bug. The PRNGs in common libcs are not cryptographically strong.
That's true. But moving all rand() to random() is not incrementally wrong. Please feel free to point out specific problems.
pgpcYuUfe5VrD.pgp
Description: PGP signature
_______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
